
ifconfig: Fix invalid free() in ifbridge
Closed, Public

Authored by ivy on Mon, Nov 3, 5:28 AM.

Details

Summary

parse_vlans() does 's = strdup(str)', then calls strsep(&s, ...), then
attempts to free(s) at the end of the function. For the success case,
this is fine (s is NULL, so it's a trivial memory leak), but in the
error case, we will attempt to free an invalid pointer.

Fix this by storing the original return value from strdup() and freeing
that instead.

Reported by: David Gwynne <dlg@openbsd.org>
MFC after: 3 days
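
The pattern described in the summary, as an added example that is not part of this review or the FreeBSD source: a hypothetical `parse_vlan_list()` frees the pointer `strdup()` returned and reports where `strsep()` left the cursor, which is what a `free(s)` would have been handed. The function name, the `cursor_state` enum, the comma delimiter and the 1..4094 range check are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1	/* glibc: expose strsep(); not needed on FreeBSD */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum cursor_state { CURSOR_NULL, CURSOR_INTERIOR };	/* what free(s) would get */

/* Hypothetical parser for a comma-separated VLAN ID list ("10,20,30").
 * Returns the number of IDs stored, or -1 on a bad token; *where reports
 * where strsep() left the cursor when parsing stopped. */
int
parse_vlan_list(const char *str, int *ids, int max, enum cursor_state *where)
{
	char *base, *s, *tok, *end;
	int n = 0, ret = -1;
	long v;
	*where = CURSOR_NULL;
	if ((base = s = strdup(str)) == NULL)
		return (-1);
	while ((tok = strsep(&s, ",")) != NULL) {
		v = strtol(tok, &end, 10);
		if (*tok == '\0' || *end != '\0' || v < 1 || v > 4094 || n == max)
			goto out;	/* s already points past this token */
		ids[n++] = (int)v;
	}
	ret = n;
out:
	/* free(s) here: free(NULL) after a full parse (the copy leaks), or
	 * an interior pointer after a mid-list error (undefined behaviour). */
	if (s != NULL)
		*where = CURSOR_INTERIOR;
	free(base);	/* always the pointer strdup() returned */
	return (ret);
}

int
main(void)
{
	const char *in[] = { "10,20,30", "10,abc,30" };	/* constructed inputs */
	enum cursor_state w;
	int ids[8];
	for (int i = 0; i < 2; i++) {
		int n = parse_vlan_list(in[i], ids, 8, &w);
		printf("%-10s -> %d, cursor %s\n", in[i], n, w ? "interior" : "NULL");
	}
	return (0);
}
```

Building a `free(s)` variant of this with `-fsanitize=address` reports the invalid free on the second input, which makes the error path easy to cover in a regression test.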

Diff Detail

Repository
rG FreeBSD src repository